From ffb54325630df1550f76d72af9978186630db221 Mon Sep 17 00:00:00 2001
From: Jorge Hernandez <jorge.hernandez-herrero@att.com>
Date: Fri, 26 Oct 2018 08:46:00 -0500
Subject: Detection of AAF enablement

Change-Id: I049e88bec2c83f6224ba1d1f24b93e0fb1aa807e
Issue-ID: POLICY-1216
Signed-off-by: Jorge Hernandez <jorge.hernandez-herrero@att.com>
---
 .../common/endpoints/http/server/HttpServletServer.java | 12 ++++++++++++
 .../endpoints/http/server/HttpServletServerFactory.java |  2 +-
 .../http/server/internal/JettyServletServer.java        | 17 +++++++++++++++++
 3 files changed, 30 insertions(+), 1 deletion(-)

(limited to 'policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http')

diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java
index 1f008a8b..c4db9fbe 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java
@@ -49,6 +49,18 @@ public interface HttpServletServer extends Startable {
      */
     void setBasicAuthentication(String user, String password, String relativeUriPath);
 
+    /**
+     * Enables AAF based authentication.
+     *
+     * @param filterPath filter path
+     */
+    void setAafAuthentication(String filterPath);
+
+    /**
+     * Checks if AAF authentication has been enabled.
+     */
+    boolean isAaf();
+
     /**
      * Adds a filter at the specified path.
      *
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java
index 488512f9..4a33f568 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServerFactory.java
@@ -247,7 +247,7 @@ class IndexedHttpServletServerFactory implements HttpServletServerFactory {
             /* authentication method either AAF or HTTP Basic Auth */
 
             if (aaf) {
-                service.addFilterClass(contextUriPath, CadiFilter.class.getCanonicalName());
+                service.setAafAuthentication(contextUriPath);
             } else if (userName != null && !userName.isEmpty() && password != null && !password.isEmpty()) {
                 service.setBasicAuthentication(userName, password, authUriPath);
             }
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java
index ebac41ef..0c52aca8 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java
@@ -37,10 +37,12 @@ import org.eclipse.jetty.server.SecureRequestCustomizer;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.Slf4jRequestLog;
+import org.eclipse.jetty.servlet.FilterHolder;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.security.Credential;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.onap.aaf.cadi.filter.CadiFilter;
 import org.onap.policy.common.endpoints.http.server.HttpServletServer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -233,6 +235,21 @@ public abstract class JettyServletServer implements HttpServletServer, Runnable
         return new ServerConnector(this.jettyServer);
     }
 
+    @Override
+    public void setAafAuthentication(String filterPath) {
+        this.addFilterClass(filterPath, CadiFilter.class.getCanonicalName());
+    }
+
+    @Override
+    public boolean isAaf() {
+        for (FilterHolder filter : context.getServletHandler().getFilters()) {
+            if (CadiFilter.class.getCanonicalName().equals(filter.getClassName())) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     @Override
     public void setBasicAuthentication(String user, String password, String servletPath) {
         String srvltPath = servletPath;
-- 
cgit 1.2.3-korg